[ovs-discuss] arp spoofing
faicker.mo at gmail.com
Sat May 19 06:30:40 PDT 2012
I have viewed the ovs-ofctl man page, I found that the arp match has only arp_sha and arp_dha. It can't match the source ip in arp(SPA) and destination ip(DPA) in arp. Without this, the arp spoofing can't be prevented.
OVS replaces the bridge default in kernel. Ebtables can't work. But now OVS doesn't have enough function to replace eatables. For example, arp_reply module in eatables.
I have successfully realized the broute which is in eatables by OVS.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the discuss